CVE Daily
← All years

All CVEs — 2014

Page 6/34.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2014-11-11
Critical

CVE-2014-0586

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2014-0585

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2014-0584

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe…

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2014-0583

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK…

CVSS: 7.5 CWE: CWE-119
Read more
Critical

CVE-2014-0582

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK…

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2014-0577

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe…

CVSS: 10.0 CWE: CWE-94
Read more
Critical

CVE-2014-0574

Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK…

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2014-6346

Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclo…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2014-6345

Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2014-6340

Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclo…

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2014-6335

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2014-6334

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document…

CVSS: 9.3 CWE: CWE-94
Read more
Critical

CVE-2014-6333

Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code…

CVSS: 9.3 CWE: CWE-94
Read more
High

CVE-2014-6332

OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT…

CVSS: 8.8 CWE: CWE-119
Read more
Medium

CVE-2014-6323

Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerabilit…

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2014-6322

The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow…

CVSS: 4.3 CWE: CWE-20
Read more
Critical

CVE-2014-6321

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8…

CVSS: 10.0 CWE: CWE-94
Read more
Medium

CVE-2014-6318

The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, an…

CVSS: 4.3 CWE: CWE-287
Read more
High

CVE-2014-6317

Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows…

CVSS: 7.1 CWE: CWE-129
Read more
Critical

CVE-2014-4149

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted d…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2014-4118

XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2,…

CVSS: 9.3 CWE: CWE-94
Read more
Medium

CVE-2014-4116

Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elev…

CVSS: 4.3 CWE: CWE-79
Read more
2014-11-10
Medium

CVE-2014-8709

The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext i…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2014-8559

The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and syst…

CVSS: 5.5 CWE: CWE-400
Read more
High

CVE-2014-8369

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to caus…

CVSS: 7.8 CWE: CWE-119
Read more
High

CVE-2014-7826

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or ca…

CVSS: 7.8 CWE: CWE-476
Read more
High

CVE-2014-7825

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of servi…

CVSS: 7.8 CWE: CWE-125
Read more
Medium

CVE-2014-3690

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allow…

CVSS: 5.5 CWE: CWE-400
Read more
High

CVE-2014-3687

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplic…

CVSS: 7.5 CWE: CWE-400
Read more
High

CVE-2014-3673

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and ne…

CVSS: 7.5 CWE: CWE-20
Read more
Low

CVE-2014-3645

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS cr…

CVSS: 2.1 CWE: CWE-20
Read more
Medium

CVE-2014-3611

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS cras…

CVSS: 4.7 CWE: CWE-362
Read more
2014-11-08
Medium

CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.…

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2014-7818

Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4…

CVSS: 4.3 CWE: CWE-22
Read more
Medium

CVE-2014-6300

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arb…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2014-6161

Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2014-6159

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial…

CVSS: 3.5 CWE: CWE-20
Read more
Low

CVE-2014-6146

IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitiv…

CVSS: 1.9 CWE: CWE-200
Read more
Medium

CVE-2014-6097

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

CVSS: 4.0 CWE: CWE-20
Read more
2014-11-07
Medium

CVE-2014-8510

The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration inp…

CVSS: 4.0 CWE: CWE-20
Read more
Medium

CVE-2014-6623

Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-6620

Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2014-5038

Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.

CVSS: 2.1 CWE: CWE-200
Read more
Low

CVE-2014-5037

Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.

CVSS: 2.1 CWE: CWE-200
Read more
Low

CVE-2014-3640

The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local users to cause a denial of service (NULL pointer dereference) by sending a udp packet with a value of 0 in the source port and a…

CVSS: 2.1 CWE: CWE-476
Read more
Medium

CVE-2014-8672

Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-8671

Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-7990

Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 devices does not properly parse the "request system shell" challenge response, which allows local users to obtain Linux root access…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2014-7989

Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2014-7988

The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and earlier allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCur06493.

CVSS: 4.0 CWE: CWE-200
Read more
High

CVE-2014-4627

SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS: 8.8 CWE: CWE-89
Read more
Medium

CVE-2014-3438

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script o…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-2179

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2014-2178

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 a…

CVSS: 6.8 CWE: CWE-352
Read more
Critical

CVE-2014-2177

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote aut…

CVSS: 9.0 CWE: CWE-94
Read more
2014-11-06
Medium

CVE-2014-6030

Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlyS…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2014-5451

Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" par…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-5258

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

CVSS: 4.0 CWE: CWE-22
Read more
Critical

CVE-2014-8669

The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2014-8668

SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2014-8667

Cross-site scripting (XSS) vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-8666

The User & Server configuration, InfoView refresh, user rights (BI-BIP-ADM) component in SAP Business Intellignece allows remote attackers to obtain audit event details via unspecified vectors.

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2014-8665

The SAP Business Intelligence Development Workbench allows remote attackers to obtain sensitive information by reading unspecified files.

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2014-8664

SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2014-8663

SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2014-8661

The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.

CVSS: 10.0 CWE: CWE-94
Read more
High

CVE-2014-8660

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.

CVSS: 7.2 CWE: CWE-94
Read more
Medium

CVE-2014-8659

Directory traversal vulnerability in SAP Environment, Health, and Safety allows remote attackers to read arbitrary files via unspecified vectors.

CVSS: 5.0 CWE: CWE-22
Read more
Medium

CVE-2014-8658

Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit cont…

CVSS: 4.0 CWE: CWE-79
Read more
Medium

CVE-2014-8654

Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attacke…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2014-8653

Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-8508

Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, relat…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-8483

The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a malformed string.

CVSS: 5.0 CWE: CWE-125
Read more
Medium

CVE-2014-8352

Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2014-8351

SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2014-7959

SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the t…

CVSS: 6.5 CWE: CWE-89
Read more
Medium

CVE-2014-7958

Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML v…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-5257

Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-4664

Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the W…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-0995

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the…

CVSS: 5.0 CWE: CWE-20
Read more
2014-11-05
Low

CVE-2014-8622

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-valu…

CVSS: 3.5 CWE: CWE-79
Read more
High

CVE-2014-8548

Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2014-8547

libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified othe…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2014-8544

libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecifi…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2014-8543

libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bound…

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2014-8542

libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2014-8541

libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attacker…

CVSS: 7.5 CWE: CWE-119
Read more
Low

CVE-2014-8326

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web scri…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2014-5417

Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifie…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-5408

Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to caus…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2014-2374

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.

CVSS: 7.5 CWE: CWE-200
Read more
High

CVE-2014-2373

The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified U…

CVSS: 7.5 CWE: CWE-287
Read more
2014-11-04
High

CVE-2014-2718

ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, and possibly other RT-series routers before firmware 3.0.0.4.376.x do not verify the integrity of firmware (…

CVSS: 7.1 CWE: CWE-345
Read more
Medium

CVE-2014-3461

hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."

CVSS: 6.8 CWE: CWE-119
Read more
High

CVE-2014-0182

Heap-based buffer overflow in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted config length in a savevm image.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-6399

Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2013-4542

The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds arr…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4541

The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted savevm image, related to a negative setup_len or setup_inde…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4540

Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a large (1) prev_level, (2) gpio_level, or (3) gpio_dir value in a savevm…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4539

Multiple buffer overflows in the tsc210x_load function in hw/input/tsc210x.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via a crafted (1) precision, (2) nextprecision…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4538

Multiple buffer overflows in the ssd0323_load function in hw/display/ssd0323.c in QEMU before 1.7.2 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitra…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4537

The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted arglen value in a savevm image.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2013-4534

Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors related to IRQDest elements.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4533

Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_lev…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4531

Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative value in cpreg_vmstate_array_len i…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4530

Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted tx_fifo_head and rx_fifo_head values in a sa…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4529

Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large log_num value in a savevm image.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4527

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4526

Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to migrating ports.

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4151

The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write.

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2013-4150

The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 through 1.7.x before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors in whi…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2013-4149

Buffer overflow in virtio_net_load function in net/virtio-net.c in QEMU 1.3.0 through 1.7.x before 1.7.2 might allow remote attackers to execute arbitrary code via a large MAC table.

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2014-8473

Cross-site request forgery (CSRF) vulnerability in CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2014-8472

CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access re…

CVSS: 6.8 CWE: CWE-287
Read more
Medium

CVE-2014-6130

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information b…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2014-8593

Multiple cross-site scripting (XSS) vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) default URI to admin.php or the (2) id parameter…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2014-4974

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local us…

CVSS: 2.1 CWE: CWE-200
Read more
High

CVE-2014-8588

SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2014-8586

SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.

CVSS: 7.5 CWE: CWE-89
Read more